Forum Discussion

Terry_Yau_91196's avatar
Terry_Yau_91196
Icon for Nimbostratus rankNimbostratus
Sep 01, 2009

Window SSL Certificate to Loadbalancer

Hello,

 

 

I face a problem to put the window SSL Certification to F5 loadbalancer.

 

First, I export the certificate from window server and paste the String to Loadbalancer. Then the SSL certificate can be imported to load balancer.

 

However, I can't create a SSL Client profile if I only choose the imported certificate. It prompt the error message with "the certificate and key do not match.

 

Is it necessary to import the certificate and key to load balancer?If yes, how can I get the key from the window server?

 

Actually, I try to create a new SSL certificate in window server, there is only certreq.txt generated to CA, no any other private key?

 

 

Thanks and Regards,

 

Terry
config
design

2 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Sep 01, 2009
    Hi Terry,

     

     

    In order to decrypt the client traffic using the SSL certificate, you must import the key which was created with the CSR you sent to the CA. The key would have been generated at the same time the certreq.txt file was created. It should be on the server you generated the CSR on. If you get stuck on this, you might try searching for details on Microsoft's site or posting on a Windows-specific forum.

     

     

    Once you get the cert/key, if you have any problems and don't find any related solutions on AskF5.com, reply here and someone can help.

     

     

    Aaron
  • L4L7_53191's avatar
    L4L7_53191
    Icon for Nimbostratus rankNimbostratus
    Sep 02, 2009
    Terry, if you haven't already, check out the solution (Sol6549) titled "Converting PKCS certificates to PEM format for use with the BIG-IP LTM and ASM".

     

     

    It can be found at: https://support.f5.com/kb/en-us/solutions/public/6000/500/sol6549.html

     

     

    Hopefully this will help you. I've found this one to be extremely useful in the past and I refer to it every time I have to convert IIS certificates to PEM format for the BigIP.

     

     

    -Matt